Facebook has discovered a security issue affecting 50 million accounts, which could have let hackers take over the accounts and access users' personal information.
"Since we’ve only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed. We also don’t know who’s behind these attacks or where they’re based," Facebook vice president of product management Guy Rosen said in a blog post Friday.
Rosen said the company discovered the issue on Tuesday and notified law enforcement. The attackers exploited a hole in Facebook's code related to the "View As" function, which lets people see what their profiles look like to other users.
A total of 90 million users will have their access tokens reset, the company said, which means they will have to log back in the next time they try to use Facebook. When they log in they will see a message at the top of their news feed explaining what happened.
Shares in Facebook fell sharply on the news. CEO Mark Zuckerberg addressed the issue in a post on his own page as well.
"While I'm glad we found this, fixed the vulnerability, and secured the accounts that may be at risk, the reality is we need to continue developing new tools to prevent this from happening in the first place," he said. (His post had more than 2,000 user comments within 20 minutes.)
The company did not specify whether users in any particular country were affected. In its most recent quarter, Facebook reported 1.47 billion daily active users worldwide.
The attorney general of North Carolina, Josh Stein, suggested in a Twitter post that his office would investigate the breach.